Access Log : Meaning of "CONNECT smtp.mail.yahoo.com:25 HTTP/1.0" 400

Venugopal Pillai

Greenhorn

Posts: 1

posted 5 years ago

Hi,

Can anyone please explain the meaning of the line "CONNECT smtp.mail.yahoo.com:25 HTTP/1.0" 400 in my Tomcat Access Log file? I have not configured any mailing programs. Please let know if this is a security threat.

It's an attempt to leverage your tomcat server into being a spam proxy.

I don't think that in the normal course of events that you have anything to worry about as far as Tomcat goes. If you are fronting Tomcat with a stock webserver with proxying abilities such as Apache httpd, you should verify that you haven't accidentally set up reverse proxying that would allow Apache to be exploited.